I have an in-house Exchange 2013 environment. For ease of management for the helpdesk types and auditing purposes, I have a universal distribution group that should NOT send/receive Internet email. They can and should send/receive email within the Exchange organization. I am thinking Transport rules to reject based on the group membership; however, it seems like it will block the ability to send and receive local email. Am I right with that or is there a better method to perform this action?